Tag: kubernetes

  • Kubernetes External Service with HTTPS

    This is a quick example to assign an SSL certificate to a Kubernetes external service (which is an ELB in AWS). Tested with kops 1.8 and Kubernetes 1.8.

        ---
        apiVersion: v1
        kind: Service
        metadata:
          name: my-https-service
          namespace: my-project
          labels:
            app: my-website-ssl
          annotations:
            service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:ap-southeast-2:xxx:certificate/xxx…"
            service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
            service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
            service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: '3600'
        spec:
          type: LoadBalancer
          selector:
            app: my-website…

  • Get access to a container in Kubernetes cluster

    With Kubernetes (K8s), there’s no need to do ssh user@host anymore since everything is running as containers. There are still occasions when I need shell access to a container to do some troubleshooting. With Docker I can do It’s quite similar in K8s However in K8s containers have random IDs so I need to know the…

  • Internal Service in Kubernetes Cluster

    In a Kubernetes (K8s) cluster, one or more containers form a pod, and every container in the pod can access the other containers’ ports just like apps on the same local host. For example:

      – pod1
        – nginx1
        – gunicorn1, port:8000
      – pod2
        – nginx2
        – gunicorn2, port:8000

    So nginx1 can access gunicorn1’s port using localhost:8000 and nginx2…

  • Kops: Add Policies for Migrated Apps

    When migrating some old applications to a Kubernetes (k8s) cluster provisioned by kops, a lot of things might break and one of them is the missing policy for the node. By default, nodes of a k8s cluster have the following permissions:

        ec2:Describe*
        ecr:GetAuthorizationToken
        ecr:BatchCheckLayerAvailability
        ecr:GetDownloadUrlForLayer
        ecr:GetRepositoryPolicy
        ecr:DescribeRepositories
        ecr:ListImages
        ecr:BatchGetImage
        route53:ListHostedZones
        route53:GetChange
        // The following permissions are…

  • Notes: BuildKite and Kubernetes Rolling Update

    This is kind of a textbook case showing that containers are much more efficient than VMs. The CI pipeline in comparison uses AWS CloudFormation to build new VMs and drain old VMs to do a rolling update, which takes around 10 minutes for everything even if it’s just 1 line of code changed. I did a…

  • Kubernetes Tips: ConfigMap

    This is how to update a config map with 1 line:

        kubectl create configmap foo --from-file foo.properties -o yaml --dry-run | kubectl replace -f -

    I found it here: https://stackoverflow.com/questions/38216278/update-k8s-configmap-or-secret-without-deleting-the-existing-one

    And this is how to mount a config map created from a file as a file (not super intuitive but a config map can only be mounted as…

  • Play a bit Kubernetes with Minikube

    I’ve just played a bit with Kubernetes on my Arch Linux laptop, with Minikube. It’s easier than I thought. Since I’ve already installed VirtualBox from the start, I can use minikube right after I installed it with

        curl -Lo minikube https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64 && chmod +x minikube && sudo mv minikube /usr/local/bin/

    The command I used to start…